If you look at what I was looking at you should be able to determine if your host has the same issue. If so this is really something that your host should fix and not something that DW should work around to provide a false sense of security. If this isn't the issue at all, then you would need to post more details about your situation.

Thanks SnakEyez02. I had seen that thread, which caused me to wonder whether my problems might relate to my host's use of a wildcard certifcate that covers multiple servers. I was going to keep that question in reserve, in case Peter had found a solution that would also work for others. However, now that you've mentioned certificate issues...

My host doesn't have time to troubleshoot this for now, so I'm grateful for any further thoughts or suggestions.

If you want I'd be willing to extend the same offer that I did in that post to help you. Basically you create me a junk folder on your domain with a junk ftp account that I can use and test with. PM me the details and I can look into it to see if that is your process. With my schedule right now it would probably take me a week to get back to you with results. Let me know if you want to do that.

Thanks - that's very kind of you indeed. I'm just waiting on hearing back from my hosting provider at the moment. They said they'd try to take a look soon and that was the other day. I haven't pressed them, but will follow up with them now, as Filezilla won't behave either.

In case it is of benefit to others, here's their explanation for what was amiss:

"Our servers use iptables for their firewalls, which doesn't automatically pick up the assigned port for a passive FTP connection when that connection is encrypted. The range of ports configured on the FTP server for the data channel in passive mode didn't exactly match the range of ports that was explicitly open in the firewall for that purpose, giving only a 1 in 3 chance of getting a working encrypted passive FTP connection."